Review of security controls

Management controls focus on the management of the IT security system
and the management of risk for a system.
They are techniques and concerns that are normally addressed by management.
Routine evaluations and response to identified vulnerabilities are important elements of
managing the risk of a system, thus considered management controls.
SECURITY CONTROLS: The management, operational, and technical controls
(i.e.,safeguards or countermeasures) prescribed for an information system to protect the
confidentiality, integrity, and availability of the system and its information.
SECURITY CONTROL BASELINE: The set of minimum security controls defined for a lowimpact,
moderate-impact,or high-impact information system.
The following are incorrect answers:
Personnel security, physical and environmental protection and documentation are forms of
operational controls.
Reference(s) used for this question:
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf
and
FIPS PUB 200 at http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf

What are the actions that need to be performed in case of a disaster?

Actions to be performed in case of a disaster are not normally part of an
information security policy but part of a Disaster Recovery Plan (DRP).
Only personnel implicated in the plan should have a copy of the Disaster Recovery Plan
whereas everyone should be aware of the contents of the organization's information
security policy.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices,
Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 398).

A security domainThe reference monitor

The reference monitor is an abstract machine which must mediate all access
to subjects to objects, be protected from modification, be verifiable as correct, and is
always invoked. The security kernel is the hardware, firmware and software elements of a
trusted computing base that implement the reference monitor concept. The security
perimeter includes the security kernel as well as other security-related system functions
that are within the boundary of the trusted computing base. System elements that are
outside of the security perimeter need not be trusted. A security domain is a domain of trust
that shares a single security policy and single management.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Establishing the priorities of requests

Change control sub-phase includes Recreating and analyzing the problem,
Determining the interface that is presented to the user, and Establishing the priorities of
requests.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and
Systems Development (page 252).

During requirements development

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Accreditation

Accreditation: is an administrative declaration by a designated authority that
an information system is approved to operate in a particular security configuration with a
prescribed set of safeguards. It is usually based on a technical certification of the system's
security mechanisms.
Certification: Technical evaluation (usually made in support of an accreditation action) of an
information system\'s security features and other safeguards to establish the extent to
which the system\'s design and implementation meet specified security requirements.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000. 

Auditing and controlling any changes to the Trusted Computing Base.

All of these are components of Configuration Management.
The following answers are incorrect:
Auditing of changes to the Trusted Computing Base. Is incorrect because it refers only to
auditing the changes, but nothing about controlling them. Control of changes to the Trusted Computing Base. Is incorrect because it refers only to
controlling the changes, but nothing about ensuring the changes will not lead to a
weakness or fault in the system.
Changes in the configuration access to the Trusted Computing Base. Is incorrect because
this does not refer to controlling the changes or ensuring the changes will not lead to a
weakness or fault in the system.

Running regular backups and periodically testing the validity of the backup data.

This responsibility would be delegated to a data custodian rather than being
performed directly by the information owner.
"Determine what level of classification the information requires" is incorrect. This is one of
the major responsibilities of an information owner.
"Periodically review the classification assignments against business needs" is incorrect.
This is one of the major responsibilities of an information owner.
"Delegates responsibility of maintenance of the data protection mechanisms to the data
custodian" is incorrect. This is a responsibility of the information owner.
References:
CBK p. 105.
AIO3, p. 53-54, 960

Completeness, Isolation, and Verifiability

A security kernel is responsible for enforcing a security policy. It is a strict
implementation of a reference monitor mechanism. The architecture of a kernel operating
system is typically layered, and the kernel should be at the lowest and most primitive level.
It is a small portion of the operating system through which all references to information and
all changes to authorizations must pass. In theory, the kernel implements access control
and information flow control between implemented objects according to the security policy.
To be secure, the kernel must meet three basic conditions:
completeness (all accesses to information must go through the kernel),
isolation (the kernel itself must be protected from any type of unauthorized access),
and verifiability (the kernel must be proven to meet design specifications).
The reference monitor, as noted previously, is an abstraction, but there may be a reference
validator, which usually runs inside the security kernel and is responsible for performing
security access checks on objects, manipulating privileges, and generating any resulting
security audit messages.
A term associated with security kernels and the reference monitor is the trusted computing
base (TCB). The TCB is the portion of a computer system that contains all elements of the
system responsible for supporting the security policy and the isolation of objects. The
security capabilities of products for use in the TCB can be verified through various
evaluation criteria, such as the earlier Trusted Computer System Evaluation Criteria
(TCSEC) and the current Common Criteria standard.
Many of these security terms—reference monitor, security kernel, TCB—are defined
loosely by vendors for purposes of marketing literature. Thus, it is necessary for security
professionals to read the small print and between the lines to fully understand what the vendor is offering in regard to security features.
TIP FOR THE EXAM:
The terms Security Kernel and Reference monitor are synonymous but at different levels.
As it was explained by Diego:
While the Reference monitor is the concept, the Security kernel is the implementation of
such concept (via hardware, software and firmware means).
The two terms are the same thing, but on different levels: one is conceptual, one is
"technical"
The following are incorrect answers:
Confidentiality, Integrity, and Availability
Policy, mechanism, and assurance
Isolation, layering, and abstraction
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 13858-13875). Auerbach Publications. Kindle
Edition.

Prevention of the modification of information by unauthorized users.
.

There is no need to prevent modification from authorized users. They are
authorized and allowed to make the changes. On top of this, it is also NOT one of the goal
of Integrity within Clark-Wilson. As it turns out, the Biba model addresses only the first of the three integrity goals which is
Prevention of the modification of information by unauthorized users. Clark-Wilson
addresses all three goals of integrity.
The Clark–Wilson model improves on Biba by focusing on integrity at the transaction level
and addressing three major goals of integrity in a commercial environment. In addition to
preventing changes by unauthorized subjects, Clark and Wilson realized that high-integrity
systems would also have to prevent undesirable changes by authorized subjects and to
ensure that the system continued to behave consistently. It also recognized that it would
need to ensure that there is constant mediation between every subject and every object if
such integrity was going to be maintained.
Integrity is addressed through the following three goals:
1. Prevention of the modification of information by unauthorized users.
2. Prevention of the unauthorized or unintentional modification of information by authorized
users.
3. Preservation of the internal and external consistency.
The following reference(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 17689-17694). Auerbach Publications. Kindle
Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 31.

Logical access control mechanisms

It is considered to be a technical control.
Logical is synonymous with Technical Control. That was the easy answer.
There are three broad categories of access control: Administrative, Technical, and
Physical.
Each category has different access control mechanisms that can be carried out manually or
automatically. All of these access control mechanisms should work in concert with each
other to protect an infrastructure and its data.
Each category of access control has several components that fall within it, as shown here:
Administrative Controls
• Policy and procedures
• Personnel controls
• Supervisory structure
• Security-awareness training
• Testing
Physical Controls
Network segregation
Perimeter security
Computer controls
Work area separation
Data backups
Technical Controls
System access
Network architecture
Network access
Encryption and protocols
Control zone
Auditing The following answers are incorrect :
Screening of personnel is considered to be an administrative control
Development of policies, standards, procedures and guidelines is considered to be an
administrative control
Change control procedures is considered to be an administrative control.
Reference : Shon Harris AIO v3 , Chapter - 3 : Security Management Practices , Page : 52-
54

Confidentiality, integrity and availability

The following answers are incorrect because:
Accountability, confidentiality and integrity is not the correct answer as Accountability is not
one of the fundamental principle of security.
Integrity, availability and accountability is not the correct answer as Accountability is not
one of the fundamental principle of security.
Availability, accountability and confidentiality is not the correct answer as Accountability is
not one of the fundamental objective of security.
References : Shon Harris AIO v3 , Chapter - 3: Security Management Practices , Pages :
49-52